Information processing apparatus, method for controlling information processing apparatus, and storage medium

ABSTRACT

An image forming apparatus controls the use of a remote user interface (RUI) by requesting authentication with an RUI access password from a client device in a case where the RUI access password is set. In a case of a department ID management setting, the security setting is different from the RUI access password setting. In this situation, the image forming apparatus requests authentication with the department ID, and then controls the use of the RUI based on the result of the authentication.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No. 14/817,060, filed Aug. 3, 2015, which claims the benefit of Japanese Patent Application No. 2014-161623, filed Aug. 7, 2014, both of which are hereby incorporated by reference herein in their entirety.

BACKGROUND Field

Aspects of the present invention generally relate to an information processing apparatus that can be accessed by external devices.

Description of the Related Art

In recent years, with the advancement of imaging forming apparatus, a low-priced image forming apparatus has come to include network functions as standard. Opportunities of using such apparatus in a network environment have increased not only in large offices but in small offices and at home.

A Web browser running on a personal computer (PC) can display, via a network, statuses and settings of the image forming apparatus that is connected to the network. A user interface displayed on the Web browser is called a remote user interface (remote UI or RUI) while a user interface (UI) equipped in the image forming apparatus is called a local UI (LUI).

While large offices normally assign network administration staff or the like to implement security measures, the security measures in small offices or average households may not be sufficient. In a case where an image forming apparatus without sufficient security control is connected to the network, since an RUI can be accessed from external access and operated, a problem such as leakage of confidential information may occur.

Japanese Patent Application Laid-Open No. 2006-178830 discusses a technique for improving security in which secondary authentication is performed in addition to a normal one on an account that the account owner has not accessed for a long time (for example, an account of an employee on a long business trip or an employee who has left a company).

Image forming apparatuses conventionally have a capability to set a password that is used in authentication against external access via a network. Some image forming apparatuses have an access management function including a mode for setting a department identification (ID) and a password for identifying which department is accessing the image forming apparatus. In addition to such a function, in the mode of the department ID management, privileges to execute specific functions (for example, copying, sending a fax, and so on) can be restricted or the number of output or transmitted pages can be counted for each department ID.

In a case where the mode of department ID management is set, an image forming apparatus can be seen as protected with security measures. In this state, imposing additional authentication on the external access is redundant and hence undermines user convenience. Besides, such a problem is not limited to image forming apparatus alone, but exists in various other information processing apparatus that can communicate with external devices.

SUMMARY

Aspects of the present invention generally provide a device for maintaining security of information processing apparatus, including image forming apparatus, that can communicate with external devices without hampering user convenience.

According to an aspect of the present invention, an information processing apparatus includes a first setting unit configured to make a first setting enabling access restriction from an external device, a control unit configured to request authentication related to the first setting from the external device and to control the access based on a result of the authentication in a case where the first setting is made, and a second setting unit configured to make a second setting different from the first setting. In a case where the second setting is made, the control unit requests authentication related to the second setting from the external device without requesting the authentication related to the first setting and controls the access based on a result of the authentication related to the second setting in case where the second setting is made.

Further features and aspects of the present disclosure will become apparent from the following description of exemplary embodiments with reference to the attached drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram for illustrating a hardware configuration of an image forming apparatus according to exemplary embodiments.

FIG. 2 illustrates transition of screens of an RUI during normal authentication according to a first exemplary embodiment.

FIG. 3 illustrates transition of screens of an RUI when an RUI access password is entered according to the first exemplary embodiment.

FIG. 4 illustrates transition of screens of an RUI when department ID management setting is set according to the first exemplary embodiment.

FIG. 5 is an exemplary flowchart for depicting a process for displaying an RUI authentication screen according to the first exemplary embodiment.

FIG. 6 is a table for describing a relation between settings of the image forming apparatus and authentication screens of an RUI according to the first exemplary embodiment.

FIG. 7 illustrates exemplary setting screens according to the first exemplary embodiment.

FIG. 8 is an exemplary flowchart for depicting a process for displaying an RUI authentication screen according to a second exemplary embodiment.

FIG. 9 is a table for describing a relation between settings of the image forming apparatus and authentication screens of an RUI according to the second exemplary embodiment.

DESCRIPTION OF THE EMBODIMENTS

Described now will be exemplary embodiments with reference to the accompanying drawings.

FIG. 1 is a block diagram for illustrating a hardware configuration of an image forming apparatus 100 according to an exemplary embodiment. Each block refers to a module and an arrow between blocks indicates a flow of data or a flow of instruction.

As shown in FIG. 1, an image forming apparatus 100 is a multifunction peripheral (MFP) that includes a printing section 107, a scanning section 109, a control panel 110, a line interface (I/F) 112, and a controller section 101 for controlling these sections. The image forming apparatus 100 is not limited to MFP, but can be a printer, a scanner, a facsimile machine or the like.

The controller section 101 includes a CPU 102, a RAM 103, a ROM 104, a printing section I/F 106, a scanning section I/F 108, a MODEM 111, a USB-D I/F 115, a network I/F 118, and a USB-H I/F 122, and each block is connected each other via a system bus 105.

The CPU 102 controls each of the blocks as a whole by executing various control programs. The CPU 102 executes the various control programs that are stored in a program area of the ROM 104 and are read out by the CPU 102. The various control programs may be compressed data stored in the program area of the ROM 104. The compressed data are transferred to the RAM 103, decompressed, and executed by the CPU 102. Further, the various control programs may be stored in a not-shown hard disk drive (HDD) in a compressed or not-compressed state.

The network I/F 118 performs processing for communication with a host computer via a network (LAN) 120. The host computer 121 is represented by PC in FIG. 1 and hereinafter referred to as a PC. The network I/F 118 is coupled to the network 120 by a communication cable such as a LAN cable 119. The PC 121 can be connected to the image forming apparatus 100 by a USB cable 116 via the USB-D I/F 115 as well. The network 120 may be a wireless network.

In addition, a Web browser 121 a is operable in the PC 121 and the image forming apparatus 100 is accessible from the PC 121 by using the Web browser 121 a or the like. The PC 121 is not limited to a personal computer but may be a tablet computer, a smart phone, or a similar device. A client program other than the Web browser 121 a may be used to access the image forming apparatus 100 from the PC 121. An information processing apparatus according to an exemplary embodiment will be described based on a configuration in which the image forming apparatus 100 is accessed from the PC 121 by using the Web browser 121 a. The information processing apparatus, however, is not limited to this configuration.

The MODEM 111, which is connected to a public telephone network 114 via the line I/F 112, performs processing for communication with another image forming apparatus, a facsimile machine, a telephone, etc. The line I/F 112 and the public telephone network 114 are coupled generally with a telephone line 113.

The USB-H I/F 122 is directly connected to an external storage 123.

The printing section I/F 106 is an interface for outputting image signals to the printing section 107 (printer engine). Further, the reading section I/F 108 is an interface for inputting readout image signals from the reading section 109 (scanner engine). The CPU 102 processes the input image signals from the reading I/F 108 and outputs them as recorded image signals to the printing I/F 106.

The CPU 102 displays characters and symbols using font information that are stored in a font area of the ROM 104 onto a display area of the control panel 110. The CPU 102 also receives instructions from the control panel 110 that a user operates.

Furthermore, the CPU 102 stores, in a data area of the ROM 104, device information of the image forming apparatus 100, information of user telephone directory, department management information, and other information. The CPU 102 reads out and updates the stored information when necessary.

The image forming apparatus 100 is configured to include the reading section 109 and the printing section 107 inside thereof as shown in the block diagram. The image forming apparatus 110, however, may be configured to include one or both of these sections outside thereof.

The image forming apparatus 100 can provide a user interface, i.e., a remote user interface (RUI), which is usable from an external device such as a PC 121. A user can access the image forming apparatus 100 from the Web browser 121 a on the PC 121 via a network and can browse and change settings of the image forming apparatus 100 by using an RUI of the image forming apparatus 100.

Referring to FIGS. 2 to 4, transition of screens of an RUI according to the first exemplary embodiment will be illustrated below. An authentication screen appears when an RUI access password and a department ID management setting are not made. The authentication screen is hereafter referred to as a normal authentication screen 202.

FIG. 2 shows transition of screens of an RUI during normal authentication according to the first exemplary embodiment.

When an RUI access password and a department ID management setting are not set, if the PC 121 accesses the image forming apparatus 100, then the normal authentication screen 202 appears on a display of the PC 121. A user 201 selects either an administrator mode or a standard user mode as a log-in mode by operating a radio button 202 a on the normal authentication screen 202 that is displayed on the display of the PC 121 by the Web browser 121 a or the like running on the PC 121. The user 201 then presses a log-in button 202 d.

If the log-in mode that is selected with the radio button 202 a is the administrator mode, an administrator ID and an administrator password must be properly entered in an administrator ID entry field 202 b and an administrator password entry field 202 c respectively. In contrast, if the log-in mode is the standard user mode, there will be no further authentication required. In this case, it is not necessary to enter the administrator ID in the administrator ID entry field 202 b and the administrator password in the administrator password entry field 202 c.

When the authentication is properly processed in the normal authentication careen 202, a top screen 203 of an RUI will be displayed (i.e., screen transitions), which will enable the user 201 to access the RUI.

FIG. 3 illustrates transition of screens of an RUI when an RUI access password is entered according to the first exemplary embodiment. In FIG. 3, the same reference numerals are used for the items that are identical to those in FIG. 2 with no further description.

In a case where external accesses are restricted, when a user 201 accesses the image forming apparatus 100 from the PC 121, an RUI access password input screen 301 appears on the display of the PC 121. The RUI access password input screen 301 is a screen for performing authentication with the RUI access password (RUI access authentication screen).

A user 201 enters a preset password into an RUI access password entry field 301 a on the RUI access password input screen 301 that is displayed on the display of the PC 121 by the Web browser 121 a or the like running on the PC 121. The user 201 then press an OK button 301 b. If the entered RUI access password is correct, the normal authentication screen 202 will appear (i.e., screen transitions) and, with the same sequence as described with FIG. 2, the RUI top screen 203 will be displayed, which will enable the user 201 to access RUI.

FIG. 4 illustrates transition of screens of RUI when department ID management setting is set according to the first exemplary embodiment. In FIG. 4, the same reference numerals are used for the items that are identical to those in FIG. 2 with no further description.

In a case where the department ID management setting is made, if a user 201 accesses the image forming apparatus 100 from the PC 121, a department ID management authentication screen 401 appears on the display of the PC 121.

A user 201 enters a department ID and a department password, which are allocated to the department in which the user 201 is registered, into a department ID entry field 401 a and a department password entry field 401 b respectively on the department ID management authentication screen 401. The authentication screen 401 is displayed on the display of the PC 121 by the Web browser 121 a or the like running on the PC 121. The user 201 then presses a log-in button 401 c. If the entered department ID and department password are correct, the RUI top screen 203 will appear (i.e., screen transitions), which will enable the user 201 to access the RUI.

FIG. 5 is an exemplary flowchart for depicting a process for displaying an RUI authentication screen according to the first exemplary embodiment. The CPU 102 is to implement each step of the flowchart by reading out and executing programs stored in the ROM 104.

When the image forming apparatus 100 receives a remote access request sent by the Web browser 121 a that is running on the PC 121, the CPU 102 starts processing according to the flowchart. In the flowchart, a process which expressly indicates no operating entity is carried out by the CPU 102.

Now in step S501, the CPU 102 confirms whether the use of the RUI itself is permitted. If it is determined in the mentioned step S501 that the use of the RUI is not permitted (i.e., RUI-permission setting in FIGS. 6 and 7 is OFF, which will be described later), the CPU 102 advances the processing to step S502 (in case of NO in step S501).

In step S502, the CPU 102 controls the processing to display an RUI-not-usable screen (i.e., a not-shown message screen to inform that the use of the RUI is not permitted). More particularly, the CPU 102 transmits display data of the RUI-not-usable screen to the Web browser 121 a that is running on the PC 121. The Web browser 121 a displays, based on the received display data, the RUI-not-usable screen on the display of the PC 121. Upon completing the processing in step S502, the CPU 102 ends the process.

If it is determined in step S501 that the use of the RUI is permitted (i.e., RUI-permission setting is ON), the CPU 102 advances the processing to step S503 (i.e., in case of YES in step S501).

In step S503, the CPU 102 determines whether the department ID management setting is set. If it is determined that the department ID management setting is not set (i.e., the department ID management setting in FIGS. 6 and 7 is OFF, which will be described later), the CPU 102 advances the processing to step S504 (i.e., in case of NO in step S503).

In step S504, the CPU 102 determines whether an RUI access password is set. If it is determined that the RUI access password is set (i.e., the RUI access password setting in FIGS. 6 and 7 is set ON, which will be described later), the CPU 102 advances the processing to step S505 (i.e., in case of YES in step S504).

In step S505, the CPU 102 controls the processing to display an RUI access password input screen 301. More particularly, the CPU 102 transmits display data of the RUI access password input screen 301 to the Web browser 121 a running on the PC 121. When the Web browser 121 a receives the display data, the Web browser 121 a displays, based on the display data, the RUI access password input screen 301 on the display of the PC 121.

When the CPU 102 receives, from the Web browser 121 a running on the PC 121, an RUI access password that the user 201 has entered on the RUI access password input screen 301, the CPU 102 advances the processing to step S506.

In step S506, the CPU 102 determines whether the RUI access password that the user 201 has entered is correct (i.e., the entered password agrees with the RUI access password previously registered). In other words, the CPU 102 performs authentication processing with the RUI access password and checks the authentication result.

If the CPU 102 determines that the RUI access password that the user 201 has entered is not correct (i.e., NO in step S506), the CPU 102 controls the processing to display the RUI access password input screen 301 again (in step S505).

If the CPU 102 determines, in step S506, that the RUI access password that the user 201 has entered is correct (i.e., YES in the step S506), the CPU 102 advances the processing to step S507.

In step S507, the CPU 102 controls the processing to display the normal authentication screen 202. More particularly, the CPU 102 transmits display data of the normal authentication screen 202 to the Web browser 121 a that is running on the PC 121. When the Web browser 121 a receives the display data, the Web browser 121 a displays, based on the display data, the normal authentication screen 202 on the display of the PC 121.

The CPU 102 also controls the processing to display the normal authentication screen 202 (in step S507), in a case where the CPU 102 determines, in step S504, that the RUI access password is not set (i.e., the RUI access password setting is OFF; in case of NO in step S504).

When the CPU 102 receives, from the Web browser 121 a running on the PC 121, information including a log-in mode that the user 201 has selected in the normal authentication screen 202, the CPU 102 advances the processing to step S508.

In step S508, the CPU 102 determines whether the log-in mode that the user 201 has selected is the administrator mode (i.e., the user 201 has logged in the administrator mode).

If the CPU 102 determines that the log-in mode that the user 201 has selected is the administrator mode (i.e., the user 201 has logged in with the administrator mode), the CPU 102 advances the processing to step S509 (i.e., in case of YES in S508).

In step S509, the CPU 102 performs authentication processing for the administrator mode based on an administrator ID and an administrator authentication password that have been received along with the information on the log-in mode. The CPU subsequently determines the authentication result.

If the CPU 102 determines that the authentication fails (i.e., NO in S509), the CPU 102 controls the processing to display the normal authentication screen 202 again (in step S507).

If the CPU 102 determines that the authentication is successful (i.e., authentication is OK), the CPU 102 controls the processing to display the RUI top screen 203 (i.e., in case of YES in step S509). More particularly, the CPU 102 transmits display data of the RUI top screen 203 to the Web browser 121 a that is running on the PC 121. When the Web browser 121 a receives the display data, the Web browser 121 a displays, based on the display data, the RUI top screen 203 on the display of the PC 121.

If the CPU 102 determines that the log-in mode that the user 201 has selected in step S508 is the standard user mode (i.e., in case of NO in step S508), the CPU 102 controls the processing to display the RUI top screen 203 without performing authentication (in step S510).

If the CPU 102 determines, in step S503, that the department ID management setting is set (i.e., the department ID management setting is ON), the CPU 102 advances the processing to step S511 (i.e., in case of YES in step S503). In step S511, the CPU 102 controls the processing to display the department ID management authentication screen 401. More particularly, the CPU 102 transmits display data of the department ID management authentication screen 401 to the Web browser 121 a that is running on the PC 121. When the Web browser 121 a receives the display data, the Web browser 121 a displays, based on the display data, the department ID management authentication screen 401 on the display of the PC 121.

When the CPU 102 receives, from the Web browser 121 a running on the PC 121, a department ID and a password that the user 201 has entered in the department ID management authentication screen 401, the CPU 102 advances the processing to step S512.

In step S512, the CPU 102 performs authentication processing with the department ID and the password that the user 201 has entered and determines the authentication result.

If the CPU 102 determines that the authentication has failed (i.e., NO in S512), the CPU 102 controls the processing to display the department ID management authentication screen 401 again (in step S511).

If the CPU 102 determines that the authentication is successful (i.e., authentication is OK), the CPU 102 controls the processing to display the RUI top screen 203 in step S510 (i.e., in case of YES in step S512). Upon completing the processing in step S510, the CPU 102 ends the process.

FIG. 6 is a table for depicting a relationship between settings of the image forming apparatus and displayed authentication screens of the RUI according to the first exemplary embodiment.

FIG. 7 shows exemplary setting screens for RUI-permission setting, department ID management setting, and RUI access password setting according to the first exemplary embodiment.

Whether it is permitted to use an RUI is set in an RUI-permission setting screen 700 by selecting ON/OFF of a radio button 700 a.

Whether the department ID management is implemented is set in a department ID management setting screen 701 by selecting ON/OFF of a radio button 701 a. In a case where the department ID management setting is set, the CPU 102 manages authentication to permit each individual department (i.e., individual user group) to access the image forming apparatus 100.

Whether access to an RUI is to be restricted is set by selecting ON/OFF of a radio button 702 a on a security setting screen 702. In an RUI access password entry field 702 b, an RUI access password is set when RUI access restriction is set on the security setting screen 702.

Thus, the use of an RUI can be restricted in the security setting screen 702 by means of password information (i.e., the RUI access password set in 702 a).

The values that are set in the RUI-permission setting screen 700, the department ID management setting screen 701, and the security setting screen 702 are stored in the data area of the ROM 104 under the control of the CPU 102. The ROM 104 consists of flash ROMs in which data can be overwritten.

Further, the RUI-permission setting screen 700, the department ID management setting screen 701, and the security setting screen 702 are also displayed in a display area of the control panel 110 under the control of the CPU 102. In the example illustrated in FIG. 7, radio buttons (700 a, 701 a, 702 a) are used to select presence or non-presence of permission, restriction, and management, on the RUI-permission setting screen 700, the department ID management setting screen 701, and the security setting screen 702. Other selection methods, such as dropdown lists, can be used in place of the radio buttons.

Returning to FIG. 6, when the RUI-permission setting is OFF, the RUI-access-prohibited screen is displayed on the display of the PC 121 and access from the PC 121 is prohibited, regardless of ON/OFF of the department ID management setting and the RUI access password setting. Further, when the RUI-permission setting is ON, if the department ID management setting is ON, the department ID management authentication screen 401 is displayed on the display of the PC 121, and access from PC 121 is controlled and permitted with the authentication using a department ID and a department password, regardless of ON/OFF of the RUI access password setting.

When the RUI-permission setting is ON and the department ID management setting is ON, if the RUI access password setting is ON, the RUI access password input screen 301 is displayed on the display of the PC 121, and the access from PC 121 is controlled and permitted using the authentication with the RUI access password.

Further, when the RUI-permission setting is ON and the department ID management setting is OFF, if the RUI access password setting is OFF, the normal authentication screen 202 is displayed on the display of the PC 121.

As shown in FIG. 6, if the department ID management is set ON on the department ID management setting screen 701, the RUI access password input screen 301 is not displayed at the time of a remote access request regardless of the RUI access restriction setting, according to the first exemplary embodiment. Therefore, if the department ID management is ON, the RUI access restriction setting and the entry of RUI access password on the security setting screen 702 are not applicable. Accordingly, the RUI access restriction setting and the RUI access password entry fields can be grayed out under the control of the CPU 102 to prevent user's entry.

In the same way, if the RUI-permission setting is OFF on the RUI-permission setting screen 700, the RUI access restriction setting and the RUI access password entry fields may be grayed out under the control of the CPU 102 to prevent user's entry.

As explained in the foregoing, if an image forming apparatus according to the first exemplary embodiment is configured such that access to the image forming apparatus via a network is enabled with authentication using an external access password (i.e., RUI access password) in a case where the external access password is set, and if such an image forming apparatus operates in a mode in which the department ID management is set (i.e., department ID management is ON), access via a network is enabled with authentication using a department ID and a department password registered in the department ID management without further authentication using the external access password regardless of ON/OFF of the external access password setting. Accordingly, when a security measure (e.g., the department ID management setting) other than authentication using an external access password is implemented, redundancy of further authentication with such external access password that will be imposed on a user can be eliminated. Consequently, an image forming apparatus that can maintain security without hampering user convenience is provided.

In the first exemplary embodiment described above, whether access to an RUI is restricted is controlled by ON/OFF of the RUI access password setting in a case where the department ID management setting is not made in the image forming apparatus 100. Alternatively, in a case where a system administrator's privileges are properly set, a user having user mode privileges can access an RUI but cannot change settings of the image forming apparatus 100 and therefore it is not likely to cause a problem. Accordingly, whether access to an RUI is restricted may be configured to depend on ON/OFF of the system administrator setting. This configuration will be further explained in a second exemplary embodiment hereafter by only describing differences between the first and the second exemplary embodiments.

FIG. 8 is an exemplary flowchart for depicting a process for displaying an RUI authentication screen according to the second exemplary embodiment. The CPU 102 implements each step of the flowchart by reading out and executing programs stored in the ROM 104.

When the image forming apparatus 100 receives a remote access request sent by the Web browser 121 a that is running on the PC 121, the CPU 102 starts processing according to the flowchart. In the flowchart, a process that does not expressly indicate its operating entity is implemented by the CPU 102.

Steps S801 to S803 and steps S809 to S810 are the same as steps S501 to S503 and steps S511 to S512 in FIG. 5 respectively, therefore a description of which will not be repeated.

In step S803, however, if it is determined that the department ID management setting is not set (i.e., NO in step S803), the CPU 102 advances the processing to step S804.

In step S804, the CPU 102 determines whether a system administrator setting is made. The system administrator setting is a setting whereby a specific user or department (i.e., a user group) is designated as an administrator and given administrator privileges over the image forming apparatus 100. The administrator privileges, for example, enable all types of access to the image forming apparatus 100.

If the CPU 102 determines that the system administrator is not designated (i.e., the system administrator setting is OFF in FIG. 9, which will be described later; (NO in S804)), the CPU 102 controls the processing to display an RUI-not-usable screen in step S802 (a message screen (not illustrated) to inform that the use of the RUI is not permitted). Step S802 is the same as step S502 in FIG. 5, therefore a description of which will not be repeated.

On the other hand, if the CPU 102 determines that the system administrator is designated (i.e., the system administrator setting is ON) in step S804 (YES in step S804), the CPU 102 advances the processing to steps S805 to S808. Steps S805 to S808 are the same as steps S507 to S510 in FIG. 5, therefore a description of which will not be repeated.

FIG. 9 is a table for depicting a relationship between settings of the image forming apparatus and displayed authentication screens of an RUI according to the second exemplary embodiment. Only differences from FIG. 6 shown in the first exemplary embodiment will be described.

The same cases that are the same as in the first exemplary embodiment are the RUI-permission setting is OFF and that the RUI-permission setting is ON and the department ID management setting is ON. Therefore, description on this will not be repeated.

When the RUI-permission setting is ON and the department ID management setting is OFF, if the system administrator setting is ON, then the normal authentication screen 202 is displayed on the display of the PC 121. When the RUI-permission setting is ON and the department ID management setting is OFF, if the system administrator setting is OFF, then the RUI-access-prohibited screen is displayed on the display of the PC 121 and access from the PC 121 is prohibited.

As explained in the foregoing, an image forming apparatus according to the second exemplary embodiment is configured such that access to an RUI via a network is enabled when the system administrator setting is set, and access to an RUI via a network is disabled when the system administrator setting is not set, and that if such image forming apparatus operates in a mode in which the department ID management is set (i.e., department ID management setting is ON), access via a network is enabled with authentication using a department ID and a department password registered in the department ID management, without further authentication using an administrator ID and an administrator password of the system administrator, regardless of ON/OFF of the system administrator setting. Accordingly, when a security measure (e.g., the department ID management setting) other than authentication with an administrator ID is implemented, redundancy of further authentication using such administrator ID and administrator password which will be imposed on a user can be eliminated. Consequently, an image forming apparatus that can maintain security without hampering user convenience is provided.

In the foregoing, the authentication setting (the department ID management setting) for controlling access by each individual user group to the image forming apparatus 100 is implemented as a security measure other than the authentication with the RUI access password in the first exemplary embodiment or the authentication with the administrator authentication information in the second exemplary embodiment. However, the security measure other than the authentication with the RUI access password or the administrator authentication with the authentication information is not limited to such an exemplary embodiment.

For example, there may be a case in which authentication setting is made so as to control access by each individual to the image forming apparatus 100 (user ID management setting). When there is an RUI-access request from a PC 121 in a state that the user ID management setting is set, the CPU 102 controls the processing to display a user ID management authentication screen that requests a user ID and a user ID password from a user. More particularly, the CPU 102 transmits display data of the user ID management authentication screen to the Web browser 121 a that is running on the PC 121. When the Web browser 121 a receives the display data, the Web browser 121 a displays, based on the display data, the user ID management authentication screen on the display of the PC 121. When the CPU 102 receives a user ID and a password that the user has entered on the user ID management authentication screen, the CPU 102 performs authentication processing with the user ID and the password. If the CPU 102 determines that the authentication fails, the CPU 102 controls the processing to display the user ID management authentication screen again. On the other hand, if the CPU 102 determines that the authentication is successful (i.e., authentication is OK), the CPU 102 controls the processing to display the RUI top screen 203.

In addition, the RUI of the image forming apparatus 100 in each exemplary embodiment described above may be accessible from the PC 121 via a network 120 or via an interface, such as a USB cable 116, other than the network 120.

Further, the access control has been described in a case where the image forming apparatus 100 in each of above-described exemplary embodiments provides a user interface (RUI) that is usable by an external device such as the PC 121. The access control may be applied to any access other than an RUI as long as it is an access to a function that the image forming apparatus 100 can provide.

Still further, aspects of the present invention have been described in relation to an image forming apparatus that is accessible from external devices including the PC 121. Aspects of the present invention, however, are not limited to the image forming apparatus but may apply to an information processing apparatus other than the image forming apparatus such as personal computers, networked home appliances and so forth. Aspects of the present invention can apply to any information processing apparatus as long as it can provide functions that are usable and accessible from external devices.

As has been described in the foregoing, when a security measure (e.g., the department ID management setting) other than authentication with an access password or an administrator password is implemented, the above-described configuration will eliminate redundancy of further authentication with the access password or the administrator password which is imposed on a user. Accordingly, an image forming apparatus and the like that can maintain security without hampering user convenience can be provided. Consequently, according to aspects of the present invention, security of information processing apparatus including image forming apparatus that are accessible via a network can be maintained without hampering user convenience.

Other Embodiments

Additional embodiment(s) can also be realized by a computer of a system or apparatus that reads out and executes computer executable instructions (e.g., one or more programs) recorded on a storage medium (which may also be referred to more fully as a ‘non-transitory computer-readable storage medium’) to perform the functions of one or more of the above-described embodiment(s) and/or that includes one or more circuits (e.g., application specific integrated circuit (ASIC)) for performing the functions of one or more of the above-described embodiment(s), and by a method performed by the computer of the system or apparatus by, for example, reading out and executing the computer executable instructions from the storage medium to perform the functions of one or more of the above-described embodiment(s) and/or controlling the one or more circuits to perform the functions of one or more of the above-described embodiment(s). The computer may comprise one or more processors (e.g., central processing unit (CPU), micro processing unit (MPU)) and may include a network of separate computers or separate processors to read out and execute the computer executable instructions. The computer executable instructions may be provided to the computer, for example, from a network or the storage medium. The storage medium may include, for example, one or more of a hard disk, a random-access memory (RAM), a read only memory (ROM), a storage of distributed computing systems, an optical disk (such as a compact disc (CD), digital versatile disc (DVD), or Blu-ray Disc (BD)™, a flash memory device, a memory card, and the like.

While the present disclosure has been described with reference to exemplary embodiments, it is to be understood that these exemplary embodiments are not seen to be limiting. The scope of the following claims is to be accorded the broadest interpretation so as to encompass all such modifications and equivalent structures and functions. 

What is claimed is:
 1. An image forming apparatus configured to form an image on a sheet by using coloring material and having a function of providing web contents to an external apparatus via a network, the image forming apparatus comprising: at least one hardware processor configured to perform: accepting an instruction to enable or disable the authentication function of authenticating a user an authentication ID and an authentication; outputting a first web page for an access restriction of the web contents on a condition at least that the authentication function is disabled, and outputting a second web page for an access restriction of the web contents on a condition at least that the authentication function is enabled; and providing, to the external apparatus, the web contents including information indicating at least a remaining amount of coloring material of the image forming apparatus, wherein the first web page includes information that prompts a user to input a web password dedicated for the web contents, and the second web page includes information that prompts a user to input the authentication ID and the authentication password.
 2. The image forming apparatus according to claim 1, wherein the authentication function is a department management function, and wherein on a condition that the authentication function is enabled, different authority to execute an image forming function of the image forming apparatus is assignable to each department identified based on at least a department identification for identifying a department, and a number of times of using the image forming function is counted for each identified department.
 3. The image forming apparatus according to claim 1, wherein the web password has no dependency relation with information for identifying a user and a department that use a resource of the image forming apparatus.
 4. The image forming apparatus according to claim 3, wherein the access to the web contents is permitted without requesting the external apparatus to provide an input regarding an access control, on a condition at least that the authentication function is disabled and a web password function is disabled.
 5. The image forming apparatus according to claim 4, wherein the at least one hardware processor is further configured to perform: accepting an instruction to enable or disable a providing function of providing the web contents, and wherein, on a condition that the providing function is disabled, the at least one hardware processor performs control so that an access to the web contents is prohibited.
 6. The image forming apparatus according to claim 5, wherein, in a case where the access to the web contents is prohibited, the providing provides a third web page indicating an error to the external apparatus.
 7. The image forming apparatus according to claim 1, wherein on a condition that the authentication function is disabled, the at least one hardware processor outputs the first web page to the external apparatus that has requested the web contents, and controls whether to permit access to the web contents based on an inputted web password for executing access restriction to the web contents, and on a condition that the authentication function is enabled, the at least one hardware processor outputs the second web page to the external apparatus that has requested the web contents, and controls whether to permit access to the web contents based on an inputted authentication ID and an inputted authentication password.
 8. A method for an image forming apparatus configured to form an image on a sheet by using coloring material and having a function of providing web contents to an external apparatus via a network, the method comprising: accepting an instruction to enable disable the authentication function of authentication a user with using an authentication ID and an authentication password; outputting a first web page for an access restriction of the web contents on a condition at least that the authentication function is disabled, and outputting a second web page for an access restriction of the web contents on a condition at least that the authentication function is enabled; and providing, to the external apparatus, the web contents including information indicating at least a remaining amount of coloring material of the image forming apparatus, wherein the first web page includes information that prompts a user to input a web password dedicated for the web contents, and the second web page includes information that prompts a user to input the authentication ID and the authentication password.
 9. A non-transitory computer-readable medium storing computer executable instructions, which when executed by a computer of an image forming apparatus configured to form an image on a sheet by using coloring material and having a function of providing web contents to an external apparatus via a network, cause the image forming apparatus to perform operations comprising: accepting an instruction to enable or disable the authentication function of authenticating a user with using an authentication ID and an authentication; outputtting a first web page for an access restriction of the web contents on a condition at least that the authentication function is disabled, and outputting a second web page for an access restriction of the web contents on a condition at least that the authentication function is enabled; and providing, to the external apparatus, the web contents including information indicating at least a remaining amount of coloring material of the image forming apparatus, wherein the first web page includes information that prompts a user to input a web password dedicated for the web contents, and the second web page includes information that prompts a user to input the authentication ID and the authentication password. 